Connecting to WinGate proxy results in NXNAME code 3 to ARPA


Postby harokomiri » Jan 15 17 7:58 am

Hello there!

This is probably a rather basic situation, but I'm nonetheless interested in tips concerning it :)
I've been interested for a while now in how it is possible to work around a restricted network. Since I'm not interested in breaking rules, I asked a colleague to set me up with a challenge.

As far as I know, the setup consists of a Windows 7 VM bound by group policies, a firewall working on a whitelist basis, and a pesky proxy. My goal is to reach steampowered.com and download the installer for Steam from the machine. The challenge is that the site is blocked by the proxy, and the default config always routes me to a proxy which restricts the page to just plain HTML without CSS or images. The download itself is completely blocked. Connecting without the proxy to any site is blocked.

I do have an admin account, but want to avoid changing the system options and focus on forcing a single program to use an unblocked proxy via VPN. I'm using the Opera browser, and using command parameters I'm able to see that I'm using the right server by opening the opera://net-internals/#proxy page.

I've set up TeamViewer from the client PC to my private PC with unblocked connection, by using TeamViewer's VPN adapter on both ends. After a rather basic setup without much fiddling around, I set up WinGate on the private PC to act as a SOCKS proxy for the VPN adapter. The service is installed, does not require authentication, and is bound to the VPN. I'm able to connect to it using Opera, but then any site I try to reach is unreachable. The following error shows up in the browser:
"The steampowered.com page isn’t working
steampowered.com didn’t send any data."

And it seems that the DNS resolution on the WinGate side is asking Google DNS addresses for resolution of ARPA addresses, but it gets bounced back:
41 44 14.01.2017 19:12:58.351 DNS Client 1588 64 Warning 0 response code 3 (NXNAME) from 8.8.4.4, processing aborted for query: test-0eccfa26-a55f-4abf-8b0b-2b80e109868e.dnsloopcheck.qbik.com (type A)
42 45 14.01.2017 19:12:58.354 DNS Client 1588 65 Warning 0 response code 3 (NXNAME) from 8.8.8.8, processing aborted for query: test-ae5dec90-0159-4d6a-a41f-18ae3fc6b2ba.dnsloopcheck.qbik.com (type A)
43 46 14.01.2017 19:26:24.076 7.30.254.254 DNS Client 1588 82 Warning 0 response code 3 (NXNAME) from 8.8.4.4, processing aborted for query: 254.254.30.7.in-addr.arpa (type PTR)

7.30.254.254 is the VPN address for the blocked client PC. I am not exactly sure how to proceed with this error message popping up.

I'm also unable to identify what the addresses in question are - tracert does not want to work with that 254.254.30.7 that's being sent for reverse lookup:
Tracing route to 254.254.30.7 over a maximum of 30 hops
1 Transmit error: code 1231.

By the way, I am very impressed with the overall quality of the interface for the program, I wish you the best of luck in keeping it up and will perhaps support you a bit after my paycheck :)
And again, I'd be grateful for helping me out!
harokomiri
 
Posts: 2
Joined: Jan 15 17 7:33 am

Re: Connecting to WinGate proxy results in NXNAME code 3 to

Postby harokomiri » Jan 15 17 11:19 pm

I've also found some odd messages when I enabled debug logs from the SOCKS service. Whenever I try to connect to anything, including both domain names and IP addresses, it comes out as below:
205 208 14.01.2017 20:41:54.207 7.30.254.254 Unknown SOCKS Service 11528 173 Info 1 New connection:
206 209 14.01.2017 20:41:54.213 7.30.254.254 Unknown SOCKS Service 11528 173 Debug 0 unhandled command buffer type [67] - terminating
207 210 14.01.2017 20:41:54.214 7.30.254.254 Unknown SOCKS Service 11528 173 Info 2 Traffic: 0 246 0 0 0s
208 211 14.01.2017 20:41:54.214 7.30.254.254 Unknown SOCKS Service 11528 173 Info 10 Session terminated: invalid command

An error code 71 also appears from time to time:
201 204 14.01.2017 20:41:54.085 7.30.254.254 Unknown SOCKS Service 6128 172 Info 1 New connection:
202 205 14.01.2017 20:41:54.093 7.30.254.254 Unknown SOCKS Service 6128 172 Debug 0 unhandled command buffer type [71] - terminating
203 206 14.01.2017 20:41:54.094 7.30.254.254 Unknown SOCKS Service 6128 172 Info 2 Traffic: 0 449 0 0 0s
204 207 14.01.2017 20:41:54.094 7.30.254.254 Unknown SOCKS Service 6128 172 Info 10 Session terminated: invalid command
harokomiri
 
Posts: 2
Joined: Jan 15 17 7:33 am

Re: Connecting to WinGate proxy results in NXNAME code 3 to

Postby adrien » Jan 16 17 7:23 pm

Hi

There are several DNS lookups WinGate does itself for various reasons.

Lookups like test-0eccfa26-a55f-4abf-8b0b-2b80e109868e.dnsloopcheck.qbik.com are used to probe a configured DNS server to see if it can perform DNS lookups for internet domains. Since we host this domain, our DNS server responds to this lookup with a no such name (NXNAME) response, which WinGate then knows means that the request got through to the Qbik DNS servers, and therefore the server WinGate asked forwards requests through to the internet and Qbik DNS.

Lookups like 254.254.30.7.in-addr.arpa (type PTR) are triggered when a computer connects to WinGate. WinGate does a reverse lookup (PTR type request), where the IP address is octet-reversed and prepended to in-addr.arpa (that's how you do an IP -> name lookup).

Regards

Adrien de Croy
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Connecting to WinGate proxy results in NXNAME code 3 to

Postby adrien » Jan 16 17 7:26 pm

As for the SOCKS error, that log event means WinGate took the first byte from the packet received from the client, and it wasn't 4 or 5 (SOCKS4 or SOCKS5) but some other data, in your case 67 or 71.

Is the client connecting to the SOCKS server even a SOCKS client? Maybe it's trying to send some HTTP directly to the SOCKS server or some other protocol than SOCKS.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland
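
Added example, not part of the original posts and not WinGate's own code: a small triage script that reads the log lines quoted in this thread, interprets the rejected first byte of each SOCKS session, and reverses the in-addr.arpa name back to the client IP. The function names and the HTTP method list are assumptions made for illustration, and the TLS check goes beyond the cases seen in the thread.

```python
import re

# Log lines copied from the posts above (WinGate SOCKS service and DNS client).
LOG_LINES = [
    "206 209 14.01.2017 20:41:54.213 7.30.254.254 Unknown SOCKS Service 11528 173 Debug 0 unhandled command buffer type [67] - terminating",
    "202 205 14.01.2017 20:41:54.093 7.30.254.254 Unknown SOCKS Service 6128 172 Debug 0 unhandled command buffer type [71] - terminating",
    "43 46 14.01.2017 19:26:24.076 7.30.254.254 DNS Client 1588 82 Warning 0 response code 3 (NXNAME) from 8.8.4.4, processing aborted for query: 254.254.30.7.in-addr.arpa (type PTR)",
]

SOCKS_VERSIONS = {4: "SOCKS4", 5: "SOCKS5"}
# Assumption: if the client is not speaking SOCKS, plain HTTP is the likely
# alternative, so compare the byte with the first letter of request methods.
HTTP_METHODS = ("CONNECT", "GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS")

BAD_BYTE = re.compile(r"unhandled command buffer type \[(\d+)\]")
PTR_QUERY = re.compile(r"query: ((?:\d{1,3}\.){4})in-addr\.arpa \(type PTR\)")


def classify_first_byte(value):
    """Say which protocol a connection's first byte is consistent with."""
    if value in SOCKS_VERSIONS:
        return SOCKS_VERSIONS[value]
    if value == 0x16:  # TLS record content type "handshake"
        return "TLS handshake record"
    char = chr(value)
    methods = [m for m in HTTP_METHODS if m[0] == char]
    if methods:
        return "HTTP request starting with %r (%s)" % (char, "/".join(methods))
    return "unknown"


def ptr_name_to_ip(name):
    """Undo the octet reversal used to build an in-addr.arpa name."""
    return ".".join(reversed(name.rstrip(".").split(".")))


def triage(lines):
    """Return (kind, interpretation) pairs for the log lines we understand."""
    findings = []
    for line in lines:
        m = BAD_BYTE.search(line)
        if m:
            findings.append(("socks", classify_first_byte(int(m.group(1)))))
        m = PTR_QUERY.search(line)
        if m:
            findings.append(("ptr", ptr_name_to_ip(m.group(1))))
    return findings
```

Bytes 67 and 71 are ASCII "C" and "G", which is what a client sends when it opens with an HTTP CONNECT or GET instead of a SOCKS version byte.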

